
10 March 2025
“When we use terms like 'autonomous' and 'augmented', we need to be really careful,” says Grant Paling. “Words matter — especially when they shape expectations about what AI can or can’t do in security.”
In the context of the modern SOC, 'autonomous' suggests systems that operate entirely without human input — a fully hands-off model. But in reality, that level of AI maturity simply doesn’t exist in cybersecurity. “If we’re not realistic about AI’s limitations, we risk overestimating what these systems can do and underestimating the ongoing need for human oversight.”
Instead, the term 'augmented' better reflects where we are — and where we’re heading. AI doesn’t replace analysts. It supports and enhances their capabilities, helping them move faster, filter out noise with additional assurance, and focus on what truly matters.
“The most meaningful impact of AI in the SOC is in efficiency,” Grant explains. “It's in triaging alerts, enriching data automatically, detecting anomalies that humans would struggle to spot on their own — and doing all of that at speed and scale.”
Rather than trying to ‘autonomize’ the entire SOC, the focus should be on augmenting specific stages of the analyst workflow: detecting known patterns faster, presenting relevant context specific to each environment monitored, and suggesting best practice containment and remediation actions. “The real value is when AI makes people faster and more confident in their decisions — not when it tries to take the decision out of their hands.”
Even with the most advanced tools in play, Grant is clear: human judgment remains essential. “We employ hundreds of security analysts globally — and that number isn’t going down. Why? Because cybersecurity is full of edge cases, subtleties, and contextual factors that machines simply can’t grasp.”
An effective SOC requires adaptability, ethical reasoning, and intuition — things no current algorithm can replicate. “If we present AI as a replacement for human talent, we risk undermining the entire value of a layered security approach.”
The analysts of tomorrow don’t need to become data scientists, but they do need to understand how AI can support them.
“Curiosity is a big one,” says Grant. “Understanding the ‘why’ behind an AI-generated recommendation makes analysts more confident and capable in using the tool effectively.” In practice, this means learning to ask questions, interpret patterns, and — critically — knowing when to challenge or override the machine.
“The best outcomes I can see are when analysts work with AI, not around it.”
Rather than creating a new legal paradigm, the introduction of AI adds another layer to an already regulated environment. “Ultimately, humans remain accountable,” he adds. “AI can support decisions, but it doesn’t replace the responsibility of the analysts, engineers, or the organization itself.”
To build trust, transparency needs to be operational – with clear explanations of how AI outputs are generated, and mechanisms in place for human review and intervention. “We must treat AI like any other tool: powerful, but not beyond scrutiny.”
“The future SOC will be faster, more adaptive, and more deeply integrated with AI - but it will still be human-led,” says Grant. Analysts will work side by side with AI systems that are more context-aware, predictive, and supportive of complex workflows. AI will help prioritize alerts, reduce time-to-response, and elevate situational awareness across the SOC.
But there's another side to the coin.
“As defenders, we’ll be using AI more than ever – but so will the attackers,” Grant points out. “That’s the reality. AI isn’t just fueling our capabilities; it’s also enhancing the sophistication and speed of malicious actors. So what we’ll see is two opposing forces, both augmented by AI, continuously evolving and adapting in response to each other.”
This dynamic, Grant believes, will define the future of cybersecurity operations. “We won’t have a fully autonomous SOC - we’ll have an augmented battlefield where intelligence, agility, and human oversight are more important than ever.”
As we move deeper into an AI-assisted era, one thing is clear: technology alone won’t define the future of the SOC - people will. At Orange Cyberdefense, we believe in empowering defenders with the right intelligence, the right tools, and the right support to navigate complexity with clarity.
Because in a world where both sides are augmented, it’s not just about keeping up – it’s about leading with confidence.
Learn more about AI securityProduct Management Director
Orange Cyberdefense
Grant Paling is a cybersecurity product leader with extensive experience in managed services, threat intelligence, and incident response. At Orange Cyberdefense, he leads the strategic development of Microsoft-integrated security solutions and drives innovation across transversal services.
Previously at SecureLink, Grant built and led incident response and CSIRT capabilities across Europe. With a unique mix of technical depth and client-focused insight, he helps organizations get the most value from their security investments.
10 March 2025
6 March 2025
11 March 2025
11 February 2025